Search

Wiki Hackers!

10/12/2010

Over the last few days there has been a lot of media controversy and coverage on the withdrawal of service (web based and payment processing) by major US corporations for the Wiki-leaks website. The motivation for the withdrawal of service appears to be influenced by the disclosure of secret US cable communications, the content of which has surprised many people. The withdrawal of service has infuriated a lot of individuals across the world who believe that the internets ability to provide information freely is sacrosanct. Just imagine what would have happened if the Iranian government had the ability to stop the Twitter website in its tracks during the course of last years student uprising.

The withdrawal of service has caused a major backlash in the computer community where efforts are now being made by a group called “Anonymous” to attack the websites of the offending organisations. The group have mobilised many thousands of individuals across the world to engage in operation “payback”. The question is whether this sort action potentially breaches UK law.

First, we turn to the Computer Misuse Act 1990, in particular section 3 where it is a criminal offence to engage in any unauthorised act with intent to impair the operation of a computer. As the web is made up of many computers, attacking any one of those would potentially allow a Wiki Hacker to be liable for a prosecution. A further offence is committed if any individual downloads a “botnet” program and uses that to then impair the operation of a computer. It may not be enough to download the botnet program and do nothing with it as clearly some level of impairment needs to be illustrated. Simply logging on to a website may also not be enough, even if masses of people did so at the same time, as the authorities would have to prove a concerted effort. However, downloading a botnet program (which only has one purpose and that is to impair the normal operation of a computer), would certainly strengthen any possible prosecution if that program has been used in that way.

A prosecution under the Computer Misuse Act 1990 is fraught with difficulty in that complex data needs to be unravelled and put in a form that can be understood by a court. A second and more simplistic option would be to pursue a prosecution under the Criminal Damage Act 1971 s.1. Criminal damage is given a very wide meaning so that even a temporary alteration in the state of the operation of a computer may be enough for the authorities to prove the offence. This would avoid the need to produce complex computer evidence and would have the benefit of keeping the proceedings simple and understandable.

Both statues carry maximum sentence of 10 years, however it is difficult to see any sentence of this magnitude being imposed if the current set of circumstances were being applied to a prosecution.

One further issue is that of territoriality and the question as to whether the UK would have jurisdiction to prosecute a UK based Wiki Hacker, if the computer that is damaged or impaired is based in the US. In short, it would not be in the UK’s jurisdiction to pursue the offender, however this would not stop the US from applying for a warrant of extradition!